US9015826B2 - Mobile platform security apparatus and method - Google Patents

Publication number
US9015826B2
Authority
US
United States
Prior art keywords
authentication key
authentication
identifier
application program
function
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US13/234,997
Other languages
English (en)
Other versions
US20120204255A1 (en)
Inventor
Jae Choon PARK
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Pantech Corp
Original Assignee
Pantech Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Pantech Co Ltd
Assigned to PANTECH CO., LTD. reassignment PANTECH CO., LTD. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: PARK, JAE CHOON
Publication of US20120204255A1
Application granted
Publication of US9015826B2
Assigned to PANTECH INC. reassignment PANTECH INC. DE-MERGER Assignors: PANTECH CO., LTD.
Assigned to PANTECH INC. reassignment PANTECH INC. CORRECTIVE ASSIGNMENT TO CORRECT THE PATENT APPLICATION NUMBER 10221139 PREVIOUSLY RECORDED ON REEL 040005 FRAME 0257. ASSIGNOR(S) HEREBY CONFIRMS THE PATENT APPLICATION NUMBER 10221139 SHOULD NOT HAVE BEEN INCLUED IN THIS RECORDAL. Assignors: PANTECH CO., LTD.
Assigned to PANTECH INC. reassignment PANTECH INC. CORRECTIVE ASSIGNMENT TO CORRECT THE REMOVAL OF PATENTS 09897290, 10824929, 11249232, 11966263 PREVIOUSLY RECORDED AT REEL: 040654 FRAME: 0749. ASSIGNOR(S) HEREBY CONFIRMS THE MERGER. Assignors: PANTECH CO., LTD.
Assigned to PANTECH CORPORATION reassignment PANTECH CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: PANTECH INC.
Active
Adjusted expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/83 Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2111 Location-sensitive, e.g. geographical location, GPS

Definitions

  • This disclosure relates to a technology for protecting a mobile communication terminal from an abnormal or unintentional operation of an application program installed on a platform of the mobile communication terminal.
  • A platform refers to a system environment that allows an application program to be executed. Recently, an open platform has been developed to provide users with various services for user convenience as well as profitability for various application developers providing these services.
  • This open service environment may provide users with access to various services and applications as described above.
  • The open service environment may be disadvantageous in that it may be open to a risk of data leakage of personal user data, virus infection, and fatal system errors that may be caused by malicious applications.
  • An application may be designed to call an open platform application programming interface (API) in an open service environment.
  • Various problems may arise, such as data leakage of users, abnormal charging, and the like.
  • A user may install an application, which the user may believe to simply provide an alarm function.
  • The application may obtain a user's phonebook list by calling a platform API accessible to a user phonebook without the user's knowledge, and when a platform API that permits the use of a network is called, phonebook data may be leaked.
  • Exemplary embodiments of the present invention provide a mobile platform security apparatus and method.
  • Exemplary embodiments of the present invention provide an authentication key generating unit to generate a first authentication key, a second authentication key, and a third authentication key corresponding to a function called by an application program; a first storage unit to store the first authentication key and an identifier to identify the application program; a second storage unit to store the second authentication key and the identifier; and an authentication information registering unit to register the third authentication key and the identifier as a function parameter in the application program.
  • Exemplary embodiments of the present invention provide a mobile platform security method using a non-transitory processor for authenticating a function of an application program in a mobile communication terminal, the method including generating a first authentication key, a second authentication key, and a third authentication key corresponding to a function called by an application program; storing the first authentication key and an identifier for identifying the application program in a first storage unit; storing the second authentication key and the identifier in a secret domain of a second storage unit; and registering the third authentication key and the identifier as a function parameter in the application program.
  • Exemplary embodiments of the present invention provide a mobile platform security method using a non-transitory processor for authenticating a function of an application program in a mobile communication terminal, the method including generating a first authentication key, a second authentication key, and a third authentication key, corresponding to a function called by an application program; registering the third authentication key and the identifier as a function parameter in the application program; comparing the authentication keys; and permitting access to the called function if the three authentication keys correspond to one another, and denying access to the called function if the three authentication keys do not correspond to one another.
  • FIG. 1 is a block diagram illustrating a platform according to an exemplary embodiment of the invention.
  • FIG. 2 is a block diagram illustrating a mobile platform security apparatus according to an exemplary embodiment of the invention.
  • FIG. 3 is a diagram illustrating a first authentication key stored in the mobile platform security apparatus according to an exemplary embodiment of the invention.
  • FIG. 4 is a diagram illustrating a second authentication key stored in the mobile platform security apparatus according to an exemplary embodiment of the invention.
  • FIG. 5 is a diagram illustrating a function parameter registered in the mobile platform security apparatus according to an exemplary embodiment of the invention.
  • FIG. 6 is a flowchart illustrating a method for setting an authentication key of an application program in a mobile platform security apparatus according to an exemplary embodiment of the invention.
  • FIG. 7 is a flowchart illustrating a method for performing authentication, if a function of an application program is called, in a mobile platform security apparatus according to an exemplary embodiment of the invention.
  • Exemplary embodiments of the invention may provide a platform security apparatus and method for protecting a mobile communication terminal from an abnormal or unintentional operation of an application program installed on a platform of the mobile communication terminal.
  • FIG. 1 is a block diagram illustrating a platform according to an exemplary embodiment of the invention.
  • Platform 120 may be a software layer to provide an environment where an application program 130 may be installed and executed.
  • The application program 130 installed on the platform 120 may be created or programmed using an application programming interface (API) provided by the platform 120.
  • The API may be a set of subroutines or functions that an application program may call to perform processing on an operating system (OS).
  • The API may also refer to a set of functions defining a functionality of the OS and a method for using that functionality.
  • The application program 130, developed in accordance with a reference standard of the platform 120, may be operated regardless of an OS 110. That is, the application program 130 may access and execute a function on a file or a data domain managed by the OS 110 through API calling of the platform 120.
  • FIG. 2 is a block diagram illustrating a mobile platform security apparatus according to an exemplary embodiment of the invention.
  • The mobile platform security apparatus 200 may be made in a platform core of a mobile platform installed in a mobile communication terminal and the like.
  • The mobile platform security apparatus 200 may limit or prevent the execution of a function or operation not authenticated by a user if a reference application program performs a plurality of functionalities.
  • The mobile platform security apparatus 200 may prevent an application program, which may simply provide an alarm function in a mobile communication terminal, from calling or accessing an API accessible to a phonebook and/or from reading or leaking phonebook data.
  • The mobile platform security apparatus 200 includes an authentication key generating unit 210, a first storage unit 220, a second storage unit 230, an authentication information registering unit 240, and an authentication processing unit 250. Further, one or more of the components of the mobile platform security apparatus 200 may interact with an application 260 and/or a platform API 270.
  • The authentication key generating unit 210 may generate three authentication keys, including a first authentication key, a second authentication key, and a third authentication key for each function called by an application program 260.
  • The function called by the application program 260 may represent a functionality of the application program 260, and the called function may be a function of the platform API 270. As shown in FIG. 2, if a function_a and a function_b are called during execution of APP_X, the function_a and the function_b may each refer to a functionality of the APP_X.
  • The authentication key generating unit 210 may analyze a code of the APP_X to determine that function_a and function_b are being called. Accordingly, the authentication key generating unit 210 may generate authentication keys KXa1, KXa2, and KXa3 corresponding to the function_a, and authentication keys KXb1, KXb2, and KXb3 corresponding to the function_b.
  • Three authentication keys may also be generated if an application program is installed or if a user makes a selection through an option menu.
  • The authentication key may be an arbitrary number, an arbitrary symbol, and/or a combination thereof.
  • A set of three authentication keys may be independently generated for each functionality or for each function, so as not to overlap with an authentication key used to call other functions.
  • The three authentication keys may be generated such that the three authentication keys have the same or similar values, so that the first authentication key, the second authentication key, and the third authentication key may have the same or similar values.
  • The three authentication keys may be generated such that the three authentication keys have different values, based on an authentication method of the authentication processing unit 250.
  • The first storage unit 220 may store an identifier of the application program and the first authentication key among the three authentication keys. According to aspects of the invention, the first storage unit 220 may be a file system, a system memory, or the like.
  • The second storage unit 230 may store the identifier of the application program and the second authentication key among the three authentication keys in a secret domain.
  • The second storage unit 230 may be a system memory or other suitable secret domains.
  • The second storage unit 230 may be used to prevent duplication and destruction of the first storage unit 220, and modification of the first authentication key.
  • Although the first storage unit 220 and the second storage unit 230 are illustrated in FIG. 2 as a feature of the mobile platform security apparatus 200, aspects are not limited thereto such that the first storage unit 220 and the second storage unit 230 may be external to the mobile platform security apparatus 200 and/or accessible via a wired and/or wireless communication network.
  • The secret domain of the second storage unit 230 may be domain accessible, meaning that the data stored in the secret domain may be read and new data may be written, by at least one of the authentication key generating unit 210 and/or the authentication processing unit 250.
  • The secret domain of the second storage unit 230 may be domain accessible only by the authentication key generating unit 210 or the authentication processing unit 250.
  • The identifier and the first authentication key stored in the first storage unit 220 may be accessed by at least one of the authentication key generating unit 210 and/or the authentication processing unit 250.
  • The first storage unit 220 may be accessible only by the authentication key generating unit 210 or the authentication processing unit 250.
  • The identifier of the application program is represented as APP_X, APP_Y, and the like.
  • The representations of an identifier of the application programs are not limited to these examples.
  • The identifier of the application program may also be a name of the application program, a root directory of the application program, or the like.
  • The generated authentication keys and the identifiers of the application program may be matched to correspond to each other and may be stored in the first storage unit 220 or the second storage unit 230 in a table form.
  • The authentication information registering unit 240 may register a third authentication key among three authentication keys and the identifier of the application program as a function parameter in the application program.
  • The authentication information registering unit 240 may record the generated third authentication key and the identifier of the application program in a reference data domain related to a code domain where the application program may be installed.
  • The application program may call a function of the platform API 270 using the function parameter, including the generated third authentication key and the identifier of the application program.
  • FIG. 3 is a diagram illustrating a first authentication key stored in a mobile platform security apparatus according to an exemplary embodiment of the invention.
  • FIG. 3 illustrates an example of information stored in the first storage unit 220 .
  • A table 300 stores an identifier of an application program 310 column, a function column, and a first authentication key 320 column.
  • The table 300 may include a name of the application program 310 (e.g., APP_X, APP_Y, and APP_Z), a name of a function (e.g., Function_a, Function_b, Function_c), and the first authentication key 320 (e.g., KXa1, KXb1, KYa1, KYc1) generated for each application program.
  • The first authentication key 320 may correspond to each function of the application program 310.
  • An authentication key KXa1 may be assigned to the function_a of the APP_X and an authentication key KYa1 may be assigned to the function_a of the APP_Y.
  • The name of an application program and the authentication keys may be matched to correspond to each other and stored in the first storage unit 220.
  • FIG. 4 is a diagram illustrating a second authentication key stored in the mobile platform security apparatus 200 according to an exemplary embodiment of the invention.
  • A table 400 stores an identifier of an application program 410 column, a function column, and a second authentication key column.
  • The table 400 may include a name of the application program 410 (e.g., APP_X, APP_Y, and APP_Z), a name of a function (e.g., Function_a, Function_b, Function_c), and the second authentication key 420 (e.g., KXa2, KXb2, KYa2, KYc2) generated for each application program, and/or each name and each functionality of a function.
  • The identifier of the application program 410 and the second authentication key 420 may be stored in a secret domain of the second storage unit 230 in a table form as shown in FIG. 4.
  • The authentication information registering unit 240 may register the third authentication key among three authentication keys and the identifier of the application program as a function parameter in the application program.
  • The authentication information registering unit 240 may record the generated third authentication key and the identifier of the application program in a reference data domain related to a code domain where the application program may be installed.
  • The application program may call a function or operation of the platform API 270 using the function parameter including the generated third authentication key and the identifier of the application program.
  • FIG. 5 is a diagram illustrating a function parameter registered in a mobile platform security apparatus according to an exemplary embodiment of the invention.
  • FIG. 5 may be an example of a generated third authentication key provided as a function parameter of an application program.
  • A code domain 510 is a data domain where APP_X is installed.
  • A code domain 520 is a data domain where APP_Y is installed.
  • An additional domain 530 and an additional domain 540 may each represent the third authentication key (e.g., KXa3, KXb3, KXc3, KXd3) and the identifier of the application program (e.g., APP_X, APP_Y) registered as the function parameter.
  • The authentication information registering unit 240 may register the third generated authentication key and the identifier of the application program in a reference data domain related to a code domain where the application program may be installed. Further, since the name of the application program may be determined using a return address of an API call, the identifier of the application program may also be registered by storing a location of the application program code during installation of the application program.
  • The authentication processing unit 250 may retrieve the third authentication key and the identifier included in the function parameter included in the application program, and determine whether the first authentication key and the second authentication key correspond with the third authentication key and/or the identifier to authenticate the function called by the application program. If the first authentication key and the second authentication key correspond to the third authentication key and/or the identifier, then the function called by the application program may be authenticated.
  • The first authentication key corresponding to the identifier and the called function may be stored in the first storage unit 220.
  • The second authentication key corresponding to the identifier and the called function may be stored in the second storage unit 230.
  • The authentication processing unit 250 may perform authentication processing by executing an authentication operation using two authentication keys among the first, second, and third authentication keys, and by comparing the authentication operation result with the remaining authentication key. That is, if the authentication operation result determines that the three authentication keys correspond to each other, the authentication processing unit 250 may determine successful authentication and may permit access to the called function. If one of the authentication keys is determined to be different or not corresponding to the other authentication keys, the authentication processing unit 250 may determine that the authentication process has failed and may block access to the called function.
  • If the authentication operation is simply an addition (+) operation, which adds two authentication keys to equal a third key, successful authentication may be determined if Equation 1 shown below is determined to be valid.
  • Although an addition operation is described as an authentication operation, aspects of the invention are not limited thereto and may also use, as an authentication operation, an operation that does not estimate a value of the remaining authentication key using values of the two authentication keys.
  • First authentication key + Second authentication key = Third authentication key [Equation 1]
  • The authentication processing unit 250 may determine the values of the first authentication key, the second authentication key, and the third authentication key, and determine whether the determined values of the first authentication key, the second authentication key, and the third authentication key are equal to each other. If the values of the authentication keys are all equal, the authentication processing unit 250 may determine the authentication process to be successful. If the authentication keys are not all equal, the authentication processing unit 250 may determine the authentication process as having failed.
  • FIG. 6 is a flowchart illustrating a method for setting an authentication key of an application program in a mobile platform security apparatus according to an exemplary embodiment of the invention.
  • The mobile platform security apparatus 200 may generate three authentication keys for each function called by the application program in operation 620.
  • The security setting event may occur while or after the application program is installed, or if a user makes a selection through an option menu.
  • The three authentication keys may be generated such that the three authentication keys have the same or similar values, so that a first authentication key, a second authentication key, and a third authentication key may be the same or similar to each other. Further, the three authentication keys may be generated such that the three authentication keys have different values, based on an authentication method of the authentication processing unit 250.
  • The mobile platform security apparatus 200 may store the first authentication key and an identifier in the first storage unit 220.
  • The mobile platform security apparatus 200 may store the second authentication key and the identifier in a secret domain of the second storage unit 230.
  • The secret domain of the second storage unit 230 may be domain accessible, such that the information stored in the domain may be readable and writable by at least one of the authentication key generating unit 210 and/or the authentication processing unit 250.
  • The secret domain of the second storage unit 230 may be domain accessible only by the authentication key generating unit 210 or the authentication processing unit 250.
  • The mobile platform security apparatus 200 may register the third authentication key and the identifier as a function parameter in the application program.
  • FIG. 7 is a flowchart illustrating a method for performing authentication, if a function of an application program is called, in a mobile platform security apparatus according to an exemplary embodiment of the invention.
  • The mobile platform security apparatus 200 may retrieve the third authentication key and the identifier included in the function parameter in the application program in operation 720.
  • The mobile platform security apparatus 200 may determine the first authentication key corresponding to the identifier and the called function in the first storage unit 220.
  • The mobile platform security apparatus 200 may determine the second authentication key corresponding to the identifier and the called function in the second storage unit 230.
  • The mobile platform security apparatus 200 may perform authentication processing using the first authentication key, the second authentication key, and the third authentication key. Further, the mobile platform security apparatus 200 may determine whether successful authentication was achieved.
  • The mobile platform security apparatus 200 may perform authentication processing, by executing an authentication operation, using two authentication keys among the first authentication key, the second authentication key, and the third authentication key. More specifically, the mobile platform security apparatus 200 may perform authentication processing by comparing the authentication operation result of the two authentication keys with the remaining authentication key to determine whether the authentication operation result is equal or similar to the other authentication key. If the first authentication key, the second authentication key, and the third authentication key are generated to have the same or similar values, the mobile platform security apparatus 200 may determine whether the values of the first authentication key, the second authentication key, and the third authentication key are all equal. If the values of the first authentication key, the second authentication key, and the third authentication key are determined to be all equal, the mobile platform security apparatus 200 may determine successful authentication. If the values of the first authentication key, the second authentication key, and the third authentication key are not determined to be all equal, the mobile platform security apparatus 200 may determine that the authentication has failed.
  • If authentication succeeds, the mobile platform security apparatus 200 may permit access to the called function in operation 760.
  • If authentication fails, the mobile platform security apparatus 200 may block access to the called function in operation 770.
  • Exemplary embodiments of the present invention may generate three authentication keys for each function called by an application program.
  • One among the three authentication keys may be generated as a function parameter.
  • Two of the three authentication keys may be generated as a first authentication key and a second authentication key, which may be stored and be used to perform authentication.
  • Exemplary embodiments of the present invention may be recorded in non-transitory computer-readable media including program instructions to implement various operations embodied by a computer.
  • The media may also include, alone or in combination with the program instructions, data files, data structures, and the like.
  • Examples of non-transitory computer-readable media include magnetic media such as hard disks, floppy disks, and magnetic tape; optical media such as CD ROM discs and DVDs; magneto-optical media such as optical discs; and hardware devices that are specially configured to store and perform program instructions, such as read-only memory (ROM), random access memory (RAM), flash memory, and the like.
  • Examples of program instructions include both machine code, such as produced by a compiler, and files containing higher level code that may be executed by the computer using an interpreter.
  • The described hardware devices may be configured to act as one or more software modules in order to perform the operations of the above-described exemplary embodiments of the present invention, or vice versa.
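The three-key check described above (one key passed as a function parameter, two stored, access permitted only when all three match), as an added sketch that is not code from the patent. It assumes 32-byte random keys, a per-(application, function) store for the first and second keys, and plain equality as the authentication operation; the class, method, and identifier names are hypothetical.

```python
import hmac
import secrets


class FunctionGate:
    """Hypothetical platform-side gate holding two of the three keys per (app, function)."""

    def __init__(self):
        self._first = {}   # assumption: first key kept with the application's record
        self._second = {}  # assumption: second key kept with the protected function's record

    def register(self, app_id, func_name):
        """Generate the three equal-valued keys; the returned one is the function parameter."""
        key = secrets.token_bytes(32)
        self._first[(app_id, func_name)] = key
        self._second[(app_id, func_name)] = key
        return key

    def authenticate(self, app_id, func_name, third_key):
        first = self._first.get((app_id, func_name))
        second = self._second.get((app_id, func_name))
        if first is None or second is None or not isinstance(third_key, bytes):
            return False
        # Evaluate both comparisons in constant time before combining them.
        stored_match = hmac.compare_digest(first, second)
        param_match = hmac.compare_digest(second, third_key)
        return stored_match and param_match

    def call(self, app_id, func_name, third_key, func, *args):
        """Permit the call on successful authentication, block it otherwise."""
        if not self.authenticate(app_id, func_name, third_key):
            raise PermissionError(f"{app_id} blocked from {func_name}")
        return func(*args)


def demo():
    app = "com.example.mail"  # constructed identifiers and function names
    gate = FunctionGate()
    k_contacts = gate.register(app, "read_contacts")
    k_sms = gate.register(app, "send_sms")
    results = {
        "valid": gate.authenticate(app, "read_contacts", k_contacts),
        "key_of_other_function": gate.authenticate(app, "read_contacts", k_sms),
        "unregistered_app": gate.authenticate("com.example.game", "read_contacts", k_contacts),
    }
    # A stored copy that no longer matches its siblings must also fail.
    gate._first[(app, "send_sms")] = secrets.token_bytes(32)
    results["stored_key_altered"] = gate.authenticate(app, "send_sms", k_sms)
    return results
```

Because the keys are scoped to one application and one function, a key issued for `send_sms` does not unlock `read_contacts`, and a modified stored copy fails the check even when the caller presents the originally issued parameter.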
US13/234,997 2011-02-08 2011-09-16 Mobile platform security apparatus and method Active 2033-09-13 US9015826B2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR20110011100A KR101250661B1 (ko) 2011-02-08 2011-02-08 Mobile platform security apparatus and method
KR10-2011-0011100 2011-02-08

Publications (2)

Publication Number Publication Date
US20120204255A1 US20120204255A1 (en) 2012-08-09
US9015826B2 true US9015826B2 (en) 2015-04-21

Family

ID=46601587

Family Applications (1)

Application Number Title Priority Date Filing Date
US13/234,997 Active 2033-09-13 US9015826B2 (en) 2011-02-08 2011-09-16 Mobile platform security apparatus and method

Country Status (2)

Country Link
US (1) US9015826B2 (ko)
KR (1) KR101250661B1 (ko)

Also Published As

Publication number Publication date
KR101250661B1 (ko) 2013-04-03
US20120204255A1 (en) 2012-08-09
KR20120090588A (ko) 2012-08-17

Legal Events

Date Code Title Description
AS Assignment

Owner name: PANTECH CO., LTD., KOREA, REPUBLIC OF

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:PARK, JAE CHOON;REEL/FRAME:027256/0992

Effective date: 20110829

STCF Information on status: patent grant

Free format text: PATENTED CASE

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

AS Assignment

Owner name: PANTECH INC., KOREA, REPUBLIC OF

Free format text: DE-MERGER;ASSIGNOR:PANTECH CO., LTD.;REEL/FRAME:040005/0257

Effective date: 20151022

AS Assignment

Owner name: PANTECH INC., KOREA, REPUBLIC OF

Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE PATENT APPLICATION NUMBER 10221139 PREVIOUSLY RECORDED ON REEL 040005 FRAME 0257. ASSIGNOR(S) HEREBY CONFIRMS THE PATENT APPLICATION NUMBER 10221139 SHOULD NOT HAVE BEEN INCLUED IN THIS RECORDAL;ASSIGNOR:PANTECH CO., LTD.;REEL/FRAME:040654/0749

Effective date: 20151022

AS Assignment

Owner name: PANTECH INC., KOREA, REPUBLIC OF

Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE REMOVAL OF PATENTS 09897290, 10824929, 11249232, 11966263 PREVIOUSLY RECORDED AT REEL: 040654 FRAME: 0749. ASSIGNOR(S) HEREBY CONFIRMS THE MERGER;ASSIGNOR:PANTECH CO., LTD.;REEL/FRAME:041413/0799

Effective date: 20151022

FEPP Fee payment procedure

Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

FEPP Fee payment procedure

Free format text: SURCHARGE FOR LATE PAYMENT, LARGE ENTITY (ORIGINAL EVENT CODE: M1554); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4

AS Assignment

Owner name: PANTECH CORPORATION, KOREA, REPUBLIC OF

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:PANTECH INC.;REEL/FRAME:052662/0609

Effective date: 20200506

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8